Moving a Lambda Function to AWS Batch | by Teri Radichel | Cloud Security | October 2023


ACM.328 Addressing new risks in a different execution environment with different security configuration options

Part of my series on Automation of cybersecurity measures. Lambda. Internet Security. GitHub Security. Container security. Deploy a static website. THE Coded.


In the last article I was trying to run a Lambda function that assumes a role with MFA. Although I could run it just fine with the local emulator, I couldn’t get it to work when I deployed it to Lambda. Two articles ago I also realized that applying MFA in an SCP for Lambda doesn’t work in all scenarios. This leaves me with no options for using Lambda, assuming I haven’t done something wrong in my Lambda function.

I want to see if this container will work in AWS Batch. Essentially, AWS Batch lets you run non-interactive programs in containers like you can in Lambda, but they can run longer. AWS Batch is what I actually wanted to use first, as I have some long-standing programs that I use to assess the security of AWS accounts and perform penetration testing. I wrote about AWS Batch here:

Now it would be nice if we could just take the container and drop it into AWS Batch from AWS Lambda. However, it won’t work as is. Remember that I’m getting the function name in the headers and using some environment variables, which don’t seem to exist in AWS Batch.
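One way to handle the difference described above, as an added example (not the author's code): shell functions that detect whether the container is running in Lambda or AWS Batch and resolve the job name accordingly. `JOB_NAME` is a hypothetical variable assumed to be set in the Batch job definition, and the function names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: resolve the job name whether the container runs in Lambda or AWS Batch.
# JOB_NAME is a hypothetical variable assumed to be set in the Batch job definition.

# Print "lambda", "batch" or "unknown" based on variables each service sets.
detect_runtime() {
  if [ -n "${AWS_LAMBDA_RUNTIME_API:-}" ] || [ -n "${AWS_LAMBDA_FUNCTION_NAME:-}" ]; then
    echo lambda
  elif [ -n "${AWS_BATCH_JOB_ID:-}" ]; then
    echo batch
  else
    echo unknown
  fi
}

# Extract the function name from a Lambda-Runtime-Invoked-Function-Arn header value:
# arn:<partition>:lambda:<region>:<account>:function:<name>[:<alias>]
name_from_arn() {
  local arn="$1" rest
  case "$arn" in
    arn:*:lambda:*:*:function:*) ;;
    *) return 1 ;;
  esac
  rest="${arn#*:function:}"
  echo "${rest%%:*}"
}

# Resolve the job name; $1 is the invoked-function ARN header value (Lambda only).
# Fails closed if the environment is unrecognised or the name is malformed.
resolve_job_name() {
  local name=""
  case "$(detect_runtime)" in
    lambda) name="$(name_from_arn "${1:-}")" || name="${AWS_LAMBDA_FUNCTION_NAME:-}" ;;
    batch)  name="${JOB_NAME:-}" ;;
    *)      echo "unknown execution environment" >&2; return 1 ;;
  esac
  # Job definition variables can be overridden at submit time, so validate before use.
  case "$name" in
    ""|*[!A-Za-z0-9_-]*) echo "invalid or missing job name" >&2; return 1 ;;
  esac
  [ "${#name}" -le 64 ] || { echo "job name too long" >&2; return 1; }
  echo "$name"
}
```
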

Environment

On AWS, we need to create the following to run our batch job:

  • Compute environment: A definition of the environment in which the batch job runs, for example on Fargate, ECS or Kubernetes, and with what network configuration and compute resources.
  • Job definition: A model for work (like a…